Pioneering cybersecurity education
Fueled by rapid growth in cybersecurity professions, academia and the public and private sectors are working to develop agile programs to meet industry needs.
USF Sarasota-Manatee campus Associate Professor of Information Technology and Cybersecurity Giti Javidi, PhD, cites data from the Clearwater-based nonprofit Center for Cyber Safety and Education that projects the cybersecurity workforce gap will reach 1.8 million by 2022. Meanwhile, worldwide cybercrime will cost individuals, corporations, institutions and governments $6 trillion each year.
“The workforce shortage in cybersecurity is a serious issue which will have profound implications for national, economic and personal security,” Javidi said. “As the idea of cybersecurity expands, universities will try to expand the pool of cybersecurity talent to narrow the workforce gap, and companies will look for professionals with technical and multidisciplinary skills.”
However, she believes cybersecurity programs at the K-12 level and in higher education are not mature enough to produce industry-ready professionals as rapidly as cybersecurity needs them. To bridge the gap, Javidi believes both short- and long-term solutions are required.
In the short term, she advocates temporarily training existing IT professionals to help fill high-risk cybersecurity positions. Longer term, she suggests creating strategies to inspire and train the next generation of professionals with technical expertise and cybersecurity skills.
To meet ever-increasing workforce demands, cybersecurity awareness, education and training must begin early, Javidi added. She agrees with many cybersecurity experts who believe that the people responsible for managing systems designed to prevent hacks and data breaches often are, in fact, the weakest link in the security chain. If they are not adequately trained, they can make mistakes capable of undermining even the most sophisticated systems.
Consequently, enhanced awareness and behavior modifications are essential to creating the “human firewall” that will effectively turn “weak” human links into strong security partners, she said.
Javidi added that the first and most important step will be to increase behavior-focused cybersecurity education programs built around the three core concepts of the U.S. Department of Commerce’s National Institute of Standards and Technology:
- “Awareness” - as cognizance of security threats and knowledge of response mechanisms
- “Training” - as the teaching of skills needed to tackle security issues
- “Education” - as a combination of all of these skills, along with holistic understanding of concepts, risks and remediation of cyber threats
Hence, Javidi has focused on devising a holistic approach (see graphic this page) to create evidence-based cybersecurity awareness and training programs for K-12 parents, teachers and students. The objective is to develop scalable and adaptive resources, curricula and activities that enable schools to teach cybersecurity using well-researched methods.
With the support of grants she has received, Javidi is collaborating with colleagues and industry partners to develop an effective “Cybersecurity Community of Practice” that will provide a safe platform to exchange resources and ideas about cybersecurity.
Her innovative and holistic approach to meeting cybersecurity challenges and her efforts to inspire women to join Science, Technology, Engineering and Mathematics fields earned her the 2017 Women of Influence Award and USF’s 2018 Women in Leadership and Philanthropy Award.
Identifying potential hacks before they happen
Recent cyber-attacks on the Marriott hotel chain and credit-reporting agency Equifax exposed the personal data of nearly 600 million people combined, heightening awareness of what has become a serious issue for individuals, businesses, institutions and government entities.
A research project by USF Sarasota-Manatee campus Associate Professor of Information Systems and Decision Science Ehsan Sheybani, PhD, “Cyber Forensics and Crime,” is tackling what the U.S. Government Accountability Office (GAO) recently designated a government-wide, immediate high-risk area due to increasing cyber-based threats and the persistent nature of security vulnerabilities.
Cyber forensics is the key to this approach, according to Sheybani. The technology encompasses recovery and investigation of e-data and information found on websites and in databases, mobile phones and other sources. Armed with that data, it utilizes highly specialized tools and techniques to trace the origin of cyber-attacks and to identify breaches of information security, industrial espionage and identity and financial fraud.
A University of Maryland study released in 2017 found that computers experienced attempted cyber-attacks every 39 seconds. According to the Mountain View, California-based internet security firm Symantec, cyber criminals execute 130 large-scale, targeted breaches per year, while 24,000 malicious mobile apps are blocked each day.
“The cyber forensics science landscape is evolving rapidly as digital and cyber-attacks become more frequent,” Sheybani said. “The past few years of my employment at USF have coincided with one of the most important periods in U.S. history during which our nation and government have been the target of many cybersecurity attacks and threats. These attacks have affected the lives, finances and well-being of so many of us. I came to the realization that I can combine some of my skills with those of my colleagues to come up with solutions that can help our nation.”
Phase one of the research, scheduled to launch this year, encompasses designing and building a database and mobile forensic lab system with forensics tools, experiments, tutorials, videos and case studies. The second phase includes development of virtualized cyber forensic resource management accessible by institutional departments, other State University System of Florida institutions, as well as the Florida Center for Cybersecurity (Cyber Florida) based at USF, partners and affiliates to allow collaborative training and workforce development in immersive, real-world and closed exercise environments.
Because cybercrime differs from traditional crime, creating strategies to reduce or eliminate it presents unique challenges, such as:
- The variety and vast amount of data stored in databases and mobile devices
- The number of mobile transactions on a daily basis
- The absence of standard practices and guidelines for analyzing data
- The absence of a qualified workforce in sufficient numbers to perform investigations
- The lack of capacity and resources to provide ongoing training
Those challenges inform and guide the research conducted by Sheybani, who collaborates with other faculty and graduate students on projects that will help prepare students to enter the workforce equipped to identify and eliminate cyber threats.
“Now it’s a role of a cyber forensic expert to bring cybercriminals to justice,” Sheybani said. “Researching and establishing effective cyber forensics tools to detect and prevent malware attacks are important aspects of cybersecurity. So, our effort has been to train the future workforce with hands-on experiences that make us stronger against cyber-attacks of this kind.”
Last year, USF’s College of Engineering in Tampa announced a new major in cybersecurity. This offering joined existing certificate programs and master’s degree programs in cybersecurity and cybercrime. Thanks to Cyber Florida, USF is uniquely positioning itself as a statewide and national leader in the field. Sheybani and his fellow researchers view that as another opportunity.
“We are proposing an online, hands-on lab for malware detection and prevention,” Sheybani said. “This will allow USF and other universities to take advantage of our project.”
Up next for Sheybani is continued cyber-related research, including K-12 education and awareness, in addition to creating highly needed educational modules.